Security Advisory for Malware on QTS

Summary

A previously reported malware prevents affected QNAP NAS devices from detecting updates for QTS, installing Malware Remover, and updating other applications. We have enhanced the built-in security mechanism in the QTS versions listed below. This enhancement allows QTS to disable the malware.

• QTS 4.3.6: QTS 4.3.6 build 20190328 and later
• QTS 4.3.4: QTS 4.3.4 build 20190322 and later
• QTS 4.3.3: QTS 4.3.3 build 20190322 and later
• QTS 4.2.6: QTS 4.2.6 build 20190322 and later

Recommendation

To resolve the issue, you must:

1. Manually update QTS to the latest version.
2. Update all apps installed on your NAS.

Manually Installing the QTS Update

1. Log on to QTS as administrator.
2. Go to Control Panel > System > System Status.
   The system information appears.
3. Take note of the model name and firmware version.
4. On your browser, go to https://www.qnap.com/download.
5. Select your device model.
   The download list appears.
6. Click Operating System.
7. Under Remarks, click , and read the release notes.
8. Under Download Link, click your region.
   The web browser downloads the zip file.
9. Unzip the QTS update.
10. In QTS, go to Control Panel > System > Firmware Update.
    The Live Update screen appears.
11. Click Firmware Update.
12. Read the instructions, and then click Browse.
    The file browser appears.
13. Select the QTS update.
14. Click Update System.
    QTS installs the update.

Updating All NAS Applications

1. Log on to QTS as administrator.
2. Open App Center.
3. Locate Install Updates on the upper right corner of the screen.
4. Click All.
   A confirmation message appears.
5. Click OK.
   QTS updates all installed applications.